Cisco Cisco Firepower Management Center 4000 Developer's Guide

The Attribute Value data block conveys attribute identification numbers and values for host attributes. 
An Attribute Value data block for each attribute applied to the host in the event is included in a list in 
the Full Host Profile data block. The Attribute Value data block has a block type of 48 in the series 1 
group of blocks.

The following diagram shows the format of the Attribute Value data block: 

The following table describes the components of the Attribute Value data block.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Attribute Value Block Type (48)

Attribute Value Block Length

Attribute ID

Attribute Type

Attribute Integer Value

String Data Block (0)

String Block Length

Attribute Value String...

Attribute Value 
Block Type

uint32

Initiates an Attribute Value data block. This value is always 

48

.

Attribute Value 
Block Length

uint32

Total number of bytes in the Attribute Value data block, including 
eight bytes for the attribute value block type and length fields, plus 
the number of bytes of attribute block data that follows.

Attribute ID

uint32

The identification number for the attribute. 

Attribute Type

uint32

Type of affected attribute. Possible values are:

0

 - attribute with text as value; this uses string data

1

 - attribute with value in range; this uses integer data

2

 - attribute with a list of possible values, this uses integer data

3

 - attribute with a URL as value; this uses string data

4

 - attribute with binary BLOB as value; this uses string data

Attribute Integer 
Value

uint32

Integer value for the attribute, if applicable.